Interesting ... from the CGI docs: 
$CGI::POST_MAX
 If set to a non-negative integer, this variable puts a
 ceiling on the size of POSTings
...
 An attempt to send a POST larger than $POST_MAX bytes
 will cause param() to return an empty CGI parameter list.
 You can test for this event by checking cgi_error(),

[download]
However looking at the CGI code ($CGI::VERSION=3.05;), I see the following check: 

METHOD: {
   # avoid unreasonably large postings
   if (($POST_MAX > 0) && ($content_length > $POST_MAX)) {
      # quietly read and discard the post
      my $buffer;
      my $max = $content_length;
      while ($max > 0 &&
        (my $bytes = $MOD_PERL
                  ? $self->r->read($buffer,$max < 10000 ?   
                    $max : 10000)
                  : read(STDIN,$buffer,$max < 10000 ? $max : 10000)
      )) {
      $self->cgi_error("413 Request entity too large");
      last METHOD;
   }
}

[download]
I think that would be a bug in CGI.pm (anyone want to tell Lincoln). It seems to me that the line should be 
if (($POST_MAX > -1 ) && ($content_length > $POST_MAX))

[download]
but then again ... setting $CGI::POST_MAX to 0 is kinda silly in a real world context.

-derby

In reply to Re^2: CGI::Application and CGI security by derby
in thread CGI::Application and CGI security by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.